Page MenuHomePhabricator

AntiSpoof doesn't actually stop simple spoofing
Closed, DeclinedPublic


Author: mike.lifeguard+bugs

For example, the account "MardetanhA" was created, which is obviously very close to "Mardetanha" -- this is despite that the original account existed locally prior to the spoof being created (on mywiki):

  1. MardetanhA (Created on 17 June 2009 at 22:07)
  2. Mardetanha (Created on 2 June 2008 at 19:00)

Ideally, AntiSpoof would check against the CentralAuth database in addition to the local user list, but in this case, even a local check would have been sufficient. That's bug 15545.

Unless the extension is disabled or otherwise non-functional, it seems that the rules used to detect similarity are pretty bad (a case change should be utterly trivial, and more complex matching at a high quality is desperately needed).

This may be related to bug 18447?

Version: unspecified
Severity: major



Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 10:41 PM
bzimport added projects: AntiSpoof, TestMe.
bzimport set Reference to bz19273.
bzimport added a subscriber: Unknown Object (MLST).

Can't reproduce. At least it's not /that/ weak.

Login error
The name "PlatonideS" is too similar to the existing account:

  • Platonides

Please choose another name.

Login error
The name "MardetanhA" is too similar to the existing account:

  • Mardetanha (contribs)

Please choose another name.

drdee added a comment.Jan 29 2011, 7:58 PM

I am putting the status to Resolved and Worksforme as Platonides was unable to reproduce it. If the bugreporter feels that this is incorrect then please reopen the bug.

Restricted Application added a subscriber: TerraCodes. · View Herald TranscriptJan 11 2017, 11:33 PM